Security8 min read

Crypto and Bitcoin Email Scams: Every Type Explained and How to Avoid Them

Cryptocurrency email scams range from fake exchange security alerts to blackmail emails claiming to have your passwords. This guide covers every common crypto scam email type, how to recognise them, and why crypto payments are scammers' favourite tool.

By Achyuth Kumar · Founder, TempMailKit

Published · Last reviewed by the TempMailKit editorial team

Cryptocurrency has become the payment method of choice for every category of email scammer for one simple reason: transactions are irreversible. Once you send Bitcoin, Ethereum, or any other cryptocurrency to a scammer's wallet, it cannot be recalled, reversed, or retrieved by any bank or authority. This makes crypto the perfect endpoint for fraud that began as an email. The email scams that involve cryptocurrency range from fake exchange security alerts to sophisticated blackmail emails claiming to hold embarrassing footage, from fake investment opportunities to pig butchering romance scams. Understanding each type clearly is the best protection — because unlike many scams, these can result in losses of thousands of dollars that are genuinely unrecoverable.

The Sextortion/Blackmail Email

This is one of the most widespread crypto scam emails. It claims that malware was installed on your device while you were visiting adult websites, that your webcam was activated, and that the attacker recorded a video of you. They threaten to send the video to all your contacts unless you pay a specific amount of Bitcoin to a provided wallet address, usually within 24 to 48 hours. The email often includes a real password you have used somewhere — harvested from a data breach dump — to make the threat seem credible.

This scam is a bluff. The attacker does not have a video. No malware was installed. The password inclusion is a social engineering technique using breach data, not evidence of access. The "proof of access" is fabricated. Millions of these emails are sent daily to addresses in breach dumps, and the tiny percentage who pay make the operation profitable. Do not pay. Do not respond. If you recognise the password as one you use, change it on any service where it is in use — that is the only action required. Report the email to the FBI's Internet Crime Complaint Centre (ic3.gov) if you are in the US.

Fake Cryptocurrency Exchange Security Alerts

An email claiming to be from Coinbase, Binance, Kraken, or another major exchange tells you that unusual activity was detected on your account, or that your withdrawal has been flagged. The link leads to a fake exchange login page. Entering your credentials and any two-factor authentication code you are prompted for gives the attacker immediate access to your exchange account and any crypto holdings within it. Cryptocurrency exchanges send genuine security alerts, which makes this a particularly effective phishing script. Always verify any exchange alert by logging directly into the exchange's official domain rather than clicking an email link. Real Coinbase emails come from @coinbase.com; Binance from @binance.com. Any variation is fake.

Fake Cryptocurrency Winning and Airdrop Emails

"You have been selected to receive 2.5 ETH as part of our anniversary promotion. Connect your wallet to claim." Or: "You won our Bitcoin lottery. To receive your prize, pay a small processing fee of 0.01 BTC first." No legitimate cryptocurrency company runs email lotteries or sends winnings to random addresses. The "connect your wallet" variant is designed to harvest your wallet seed phrase or private key. The "pay a small fee to receive a larger amount" variant never delivers the promised sum — the fee is the theft.

Investment Opportunity Emails

These emails promise extraordinary returns from cryptocurrency trading, mining, or arbitrage — sometimes claimed to be backed by AI trading algorithms or insider information. "Our platform generated 340% returns last month. Invest now and your first $500 is matched." These are variations of classic investment fraud with cryptocurrency as the vehicle. Legitimate investment opportunities do not arrive unsolicited in your email. Returns of hundreds of percent are not achievable consistently — anyone claiming them is lying. Once funds are deposited, they are transferred to wallets the operator controls and cannot be recovered.

The Pig Butchering Scam

This is a more involved and devastating variant. It typically begins with an unsolicited email or text appearing to be sent to the wrong person — "Hi, is this Sarah? I think I have the wrong number." Over weeks, the operator builds a relationship through email or messaging, often posing as a successful professional. When sufficient trust is built, they introduce a cryptocurrency investment platform they claim to have used with great success. They encourage investing small amounts initially and show the victim impressive fake returns in their fake platform dashboard. Victims are encouraged to invest more and more. When they eventually try to withdraw, they are asked to pay "taxes" or "fees" before withdrawal. Every payment is taken. The platform is fake, the relationship is manufactured, and the money is gone. Losses from pig butchering scams are frequently in the tens of thousands of dollars.

Why Cryptocurrency Scams Are So Effective

The irreversibility of cryptocurrency transactions is the defining feature that makes these scams particularly devastating compared to bank transfer fraud — banks have fraud reversal processes, cryptocurrency does not. The pseudonymous nature of wallets makes tracing and recovering funds extremely difficult. Many victims are unfamiliar enough with cryptocurrency to be uncertain about what is normal, making them more susceptible to fabricated authority (fake platform dashboards, fake support agents, forged transaction screenshots). Regulation of the cryptocurrency space is still developing, which means there are fewer official channels for reporting and recovering losses compared to traditional banking fraud.

What to Do About Crypto Scam Emails

For blackmail/sextortion emails: do not pay, change the exposed password if you recognise it, and report to ic3.gov (US) or Action Fraud (UK). For fake exchange alerts: verify on the exchange's real website directly. For investment opportunities: do not engage. If you have already sent cryptocurrency to a scammer, report to ic3.gov and to local law enforcement — recovery is unlikely but reporting creates investigation records and protects others. The email address used in these campaigns almost always comes from breach data — limiting the exposure of your real email address through privacy practices reduces how often it appears in such campaigns.

Frequently Asked Questions

I got an email saying someone has a video of me and wants Bitcoin. Is it real?

No. This is an automated mass scam called sextortion. No video exists. The attacker does not have access to your device or webcam. If the email includes a real password of yours, it came from a data breach — change that password on any service where you use it. Do not pay anything. Do not reply. Report it at ic3.gov (US) or Action Fraud (UK) and delete the email.

My crypto exchange sent me a security alert. How do I know if it is real?

Log into your exchange directly by typing the exchange's official URL in your browser — never via a link in the email. Check your account's notification or security log there. Any real security event will be visible in your account. Confirm the sender email domain matches the exchange's exact official domain. If both checks show nothing unusual, the alert was fake.

Someone offered me a cryptocurrency investment that guarantees high returns. Is it legitimate?

No. Guaranteed high returns in cryptocurrency — or any investment — are a defining marker of fraud. Legitimate investment platforms do not contact investors unsolicited by email, do not guarantee specific returns, and do not ask you to invite friends for bonuses. If you encountered this through a relationship that started with a wrong-number message or an online connection, you are likely in the early stages of a pig butchering scam. Stop all contact and do not send any money.

Can I recover cryptocurrency I sent to a scammer?

In most cases, no. Cryptocurrency transactions are irreversible by design. Once sent to a wallet the scammer controls, the funds cannot be recalled by you, your bank, or the cryptocurrency platform. Report to ic3.gov (US), Action Fraud (UK), or local law enforcement — recovery is rare but reporting creates investigation records. Be extremely cautious of "cryptocurrency recovery" services that promise to retrieve stolen funds for a fee upfront — these are almost always secondary scams targeting people who have already lost money.

Achyuth Kumar

Founder & editor, TempMailKit

Achyuth builds privacy tools and writes TempMailKit’s guides on email security, spam, and online privacy. Every article is checked against primary sources and our editorial policy before it is published. Questions or a correction? Get in touch.

Ready to protect your inbox?

Generate a free temporary email address in one click. No sign-up required.

Get a Free Temp Email